A communication system is a facility that enables communication between two or more entities such as user terminal equipment and/or network entities and other nodes associated with a communication system. The communication may comprise, for example, communication of voice, electronic mail (email), text messages, data, multimedia and so on.
The communication may be provided by fixed line and/or wireless communication interfaces. A feature of wireless communication systems is that they provide mobility for the users thereof. An example of a communication system providing wireless communication is a public land mobile network (PLMN). An example of the fixed line system is a public switched telephone network (PSTN).
A cellular telecommunication system is a communications system that is based on the use of radio access entities and/or wireless service areas. The access entities are typically referred to as cells. Examples of cellular telecommunication standards includes standards such as GEM (Global System for Mobile communications), GPRS (General Packet Radio Servers), AMPS (American Mobile Phone System), DAMPS (Digital AMPS), WCDMA (Wideband Code Division Multiple Access), UMTS (Universal Mobile Telecommunication System) and CDMA 2000 (Code Division Multiple Access 2000).
The advent of wireless LAN (WLAN) technology has started efforts to use WLAN technology as a basis of or as a part of a wireless communication network. For example, a WLAN network can according to some current plans act as an access network of a cellular communication system. Known WLAN based designs typically use solutions known from fixed IPv4 or IPv6 networks as such or modified to suit the practical requirements of wireless operations. In a similar vein, use of many other types of local connectivity such as Bluetooth, infrared or even cable connections to local access nodes have been planned. Consequently, a mobile terminal may well be able to connect to a communications network over a plurality of physical connections such as fixed wires, short-range radio or infrared links, or medium to long range radio links, according to local availability of networks and connection modes.
Currently, arranging security for connections between a mobile terminal and an access node is an area of high interest. Various solutions have already been proposed, but there are still plenty of remaining problems in the prior art.
For example, it is known to distribute one session key to a plurality of access nodes and to a mobile terminal. This solution has the disadvantage, that if the security of one of these access nodes is breached, an attacker may be able to break the security of communications between the mobile terminal and the communication system using a session key obtained from the breached access node.
One drawback of some known solutions is that a security node of the communication network is required to take part in handoff procedures in order to provide a session key to a mobile terminal and to an access node to which the mobile terminal is attempting to connect. This produces a requirement that the security node needs to be able to respond quickly in order not to slow down handoff procedures. This requirement can be a heavy burden, as generation of keys can be processor intensive, especially when high security levels are required. In an environment where there are large numbers of mobile terminals and access nodes, this requirement can be especially heavy due to high frequency of handoffs. A solution which does not require the participation of a security node in a handoff procedure is needed.
One known solution for providing session keys to a mobile terminal and access nodes is to have a security node to send the session keys to the mobile terminal, which then provides session keys to access points as needed. This has the drawback, that the mobile terminal needs to store the session keys, and to communicate them to access points, which increases storage and signalling requirements.
Arranging authentication between access nodes is also a problem. One known solution is to arrange preshared keys between access nodes which are required to communicate to each other, and for example use IPSec technology to secure and authenticate the connection. Such a solution has the drawback that these preshared keys need to be installed in the access nodes, which increases complexity and signalling.
Use of asymmetric cryptography for deriving cryptographically separate session keys between communicating parties is known. For example, if a mobile terminal and an access node both have a public and secret key pair, they can negotiate a session key based on their key pairs. Such a negotiation and key derivation process may be heavy for devices with low processing capacity. A solution providing cryptographically separate session keys for communication between a mobile terminal and an access node without synchronized asymmetric key derivation during handoff procedures and synchronized signalling with a security node during the handoff procedures is needed.
During a handoff procedure, i.e. a procedure in which a mobile terminal transfers an ongoing connection from one access node to another, exchange of information related to the ongoing communication session needs to be arranged between the two access nodes. This information is often called the session context. This information exchange should be encrypted and integrity protected to prevent eavesdropping and attacks by malicious or spoofed access nodes. For this, the access nodes need keys for encryption and decryption of the session context data and the associated signalling. One possible solution would be to establish a security association between each pair of access nodes that can be expected to need to communicate between each other, but this can be a heavy management burden if the number of access nodes is large.